Running a RedHat 6.2 box with pam-0.72-20.6.x installed.
This machine was recently reconfigured to expire passwords after 90 days,
giving 7 days notice of expiration + 7 days after to change their
password. A user noticed some odd behaviour. With the password expired but
within the 7 day window to change it....

A tcpdump shows the plain text is being send across encrypted but as you
can see it echos back on the display. Also when changing the password from
this prompt it looks like Linux-PAM uses crypt instead of md5. Any way of
changing that?